Josip Rodin wrote:
> On Mon, Jan 22, 2007 at 06:23:56PM +0100, Magnus Holmgren wrote:
>>> Can you give me direction on how to set up a firewall so other programs
>>> can't send mail directly with SMTP?
>> With iptables, it depends on whether there is a different mail gateway that
>> all outgoing mail is supposed to go through. If so, you can simply block all
>> outgoing packets to port 25 from all hosts except that one:
>>
>> iptables -A OUTPUT -o eth1 -s '!' <gateway-IP> -p tcp --dport 25 -j REJECT
>>
>> (assuming that eth1 is the (only) interface connected to the outside world).
>
> Actually, you'll want to use the FORWARD chain, because the OUTPUT chain is
> traversed by packets originating from this machine only.
>
If unwanted programs sending mail run on the same machine, you can even
filter by uid:

    # Default filter table: current iptables refuses DROP in the nat table.
    iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner exim -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 25 -j DROP

--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
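
Added example, not part of the original thread: a check for the uid-based OUTPUT rules in the message above, run over an `iptables-save` dump to confirm that the MTA's ACCEPT comes before the catch-all block on port 25. The function name, the verdict strings, and the constructed sample dumps (with uid 101 standing in for the exim user) are assumptions made for illustration.

```sh
# Audit an iptables-save dump (stdin) for the uid-based port 25 policy.
# $1 = MTA uid as printed in the dump. Prints: restricted | open | mta-blocked
# Only filter/OUTPUT rules with an explicit "--dport 25" are considered.
check_smtp_egress() {
    awk -v uid="$1" '
        /^\*/ { table = substr($1, 2); next }        # table header, e.g. *filter
        table != "filter" { next }
        $1 == ":OUTPUT" { policy = $2; next }        # chain default policy
        $1 != "-A" || $2 != "OUTPUT" { next }
        {
            dport = owner = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")     dport  = $(i + 1)
                if ($i == "--uid-owner") owner  = $(i + 1)
                if ($i == "-j")          target = $(i + 1)
            }
            if (dport != "25") next
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            allow = (target == "ACCEPT")
            # The first rule that matches the MTA decides for the MTA.
            if (mta == "" && (owner == "" || owner == uid))
                mta = allow ? "ok" : "blocked"
            # An ACCEPT for any other sender before the catch-all block leaves port 25 open.
            if (others == "") {
                if (allow && owner != uid)       others = "open"
                else if (!allow && owner == "")  others = "blocked"
            }
        }
        END {
            if (mta == "")    mta    = (policy == "ACCEPT") ? "ok"   : "blocked"
            if (others == "") others = (policy == "ACCEPT") ? "open" : "blocked"
            if (others == "open")      print "open"
            else if (mta == "blocked") print "mta-blocked"
            else                       print "restricted"
        }'
}

# Constructed sample dumps; uid 101 stands in for the exim user.
dump() { printf '*filter\n:OUTPUT ACCEPT [0:0]\n%s\n%s\nCOMMIT\n' "$1" "$2"; }
ALLOW_MTA='-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 101 -j ACCEPT'
DROP_ALL='-A OUTPUT -p tcp -m tcp --dport 25 -j DROP'
dump "$ALLOW_MTA" "$DROP_ALL" | check_smtp_egress 101   # rules in the intended order
dump "$DROP_ALL" "$ALLOW_MTA" | check_smtp_egress 101   # same rules, order swapped
```

On a live host the input would come from `iptables-save`, with the uid given as it appears in that dump.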
